<?php
// App::uses('Debugger', 'Utility');

/**
 * Extends the functionality of AuthComponent to include 'remember me' functionality - the user
 * is remembered for 2 weeks even if the normal Cake session expires.
 * Based on http://www.webdevelopment2.com/cakephp-auth-component-tutorial-3/ - but evolved
 * considerably :D
 * - the password is not stored in the cookie
 * - instead, a hash of (password + secret string) is stored (the hash is generated using the
 * application's Salt) - so a password change renders the cookie invalid
 * - together with the username
 * - and the current time (so the cookie is not valid after two weeks even it is stil present in the
 * browser through some hack)
 * - and a hash of all these values (the hash is generated using the Security salt) so any change of
 * one variable can be detected
 *
 * Assumptions:
 * - that your users' model is called User
 * - the field that stores the username is called username
 * - the field that stores the password is called password
 *
 * 1) in AppController
 * - include Cookie, Auth, AuthExtension (in this order)
 * - in the constructor set
 *         $this->Auth->autoRedirect = false;
 *
 * 2) in your users controller
 *     function login() {
        $this->AuthExtension->checkRememberMe();
    }

    function logout() {
        $this->AuthExtension->logout();
        $this->Auth->logout();
        $this->redirect('/');
    }
 *
 * 3) in the login form add a field
    echo $form->input('remember_me', array('label' => 'remember me on this site', 'type' => 'checkbox'));
 *
 */
class AuthExtensionComponent extends Component {
    const cookie_name = "computer"; // deceiving name :D
    const cookie_expire_string = '+1 month';
    const cookie_expire_seconds = 2419200; //2 * 7 * 24 * 60 * 60;

    var $controller = null;

    function initialize(Controller  &$controller) {

        $this->controller = $controller;






    }

    /**
     * Check remember login info
     *
     * @param type  meta
     * @return type  meta
     * @access public
     */
    function checkRememberMe($auth_user) {

        // Auth->autoRedirect must be set to false (i.e. in a beforeFilter) for this to work
        // $auth_user = $this->controller->Auth->user();

        if ($auth_user) {
            if (!empty($this->controller->data) && $this->controller->data['User']['remember_me'] ) {

                // Save login to session
                $this->_saveToCookie( $auth_user );

            } else {
                // if there is a cookie, it's not good (the user would not have used the login form)
                $this->logout();
            }
            // $this->controller->redirect($this->controller->Auth->redirect());
            $this->controller->redirect ("/admin");
            return;
        }

    }

    /**
     * Save login info to cookie
     *
     * @param $User - User info
     * @access public
     */
    function _saveToCookie( $u )
    {
        $cookie = array();
        $cookie['username'] = $u['User']['id'];
        $cookie['hash1'] = Security::hash(
            $u['User']['info']['password'] . Configure::read('Security.salt') , null, true);
        $cookie['time'] = time();
        $cookie['hash'] = Security::hash(
            $cookie['username'] . $cookie['hash1'] . $cookie['time']);

            // Save to cookie
        $this->controller->Cookie->write( AuthExtensionComponent::cookie_name, $cookie, true,
            AuthExtensionComponent::cookie_expire_string);

        unset($this->controller->request->data['User']['remember_me']);
        $u = null;
    }

    /**
     * Logout
     *
     * @param type  meta
     * @return type  meta
     * @access public
     */
    function logout() {
        $this->controller->Cookie->delete(AuthExtensionComponent::cookie_name);
    }
}
